Running the POC on the latest chrome available does create a new WebRTC session as shown in chrome://webrtc-internals, but I haven't had the opportunity to turn this into a fully working POC.

With the current CSP, this WebRTC session shouldn't have been created at all. With more prodding, this can be turned into a viable attack. Thankfully, a fix will hopefully be merged into the spec and fixes can be added to the major browsers soon.